r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.

  - This required using NETLOGON_NEG_AUTH2_FLAGS for the
    SetupCredentials2 negotiation flags, which is what Samba3 does,
    because otherwise the server uses different crypto.
  - This tests the returned session keys, which we decrypt.

 - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
   most places.

 - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
   available.

 - Remove a useless argument to SMBsesskeygen_ntv1

 - move netr_CredentialState from the .idl to the new credentials.h

Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)

4 files changed, 17 insertions, 23 deletions

diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index c79d14bec0..5c7f01c658 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -35,7 +35,7 @@ struct dcerpc_security {
 				 uchar *data, size_t length, DATA_BLOB *sig);
 	NTSTATUS (*sign_packet)(struct dcerpc_security *, 
 				const uchar *data, size_t length, DATA_BLOB *sig);
-	NTSTATUS (*session_key)(struct dcerpc_security *, uint8 session_key[16]);
+	NTSTATUS (*session_key)(struct dcerpc_security *, DATA_BLOB *session_key);
 	void (*security_end)(struct dcerpc_security *);
 };
 
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index 194b1aa865..fa4232c94a 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
@@ -57,13 +57,13 @@ static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
 }
 
 static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security, 
-				 uint8 session_key[16])
+				 DATA_BLOB *session_key)
 {
 	struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
-	if (!ntlmssp_state || ntlmssp_state->session_key.length < 16) {
-		return NT_STATUS_UNSUCCESSFUL;
+	if (!ntlmssp_state->session_key.data) {
+		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
-	memcpy(session_key, ntlmssp_state->session_key.data, 16);
+	*session_key = ntlmssp_state->session_key;
 	return NT_STATUS_OK;
 }
 
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 504c8dfd6f..a88d3c1b3e 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -57,7 +57,7 @@ static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security,
 }
 
 static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security, 
-				  uint8 session_key[16])
+				  DATA_BLOB *session_key)
 {
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
@@ -84,7 +84,7 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
 	struct netr_ServerReqChallenge r;
 	struct netr_ServerAuthenticate2 a;
 	uint8 mach_pwd[16];
-	struct netr_CredentialState creds;
+	struct creds_CredentialState creds;
 	const char *workgroup, *workstation;
 	uint32 negotiate_flags = 0;
 
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 0e045e0033..dce325d7e1 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -673,27 +673,21 @@ NTSTATUS dcerpc_secondary_smb(struct dcerpc_pipe *p, struct dcerpc_pipe **p2,
   only works for the ncacn_np transport
 */
 NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
-				  uint8 session_key[16])
+				  DATA_BLOB *session_key)
 {
 	struct cli_tree *tree;
 
-	memset(session_key, 0, 16);
-
+	if (p->security_state) {
+		return p->security_state->session_key(p->security_state, session_key);
+	}
+	
 	tree = dcerpc_smb_tree(p);
 	if (tree) {
-		memcpy(session_key, 
-		       tree->session->transport->negotiate.user_session_key,
-		       16);
-	}
-
-	if (p->security_state) {
-		NTSTATUS status;
-
-		status = p->security_state->session_key(p->security_state, session_key);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
+		if (tree->session->user_session_key.data) {
+			*session_key = tree->session->user_session_key;
+			return NT_STATUS_OK;
 		}
 	}
-	
-	return NT_STATUS_OK;
+
+	return NT_STATUS_NO_USER_SESSION_KEY;
 }